Author: Jenny List

Back in February this year, we ordered a new single board computer, and reviewed it. The board in question was the Asus Tinker Board, a Raspberry Pi 3 competitor from the electronics giant in a very well-executed clone of the Raspberry Pi form factor.

Our review found its hardware to be one of the best of that crop of boards we had yet seen, but found serious fault with the poor state of its software support at the time. There was no website, the distro had to be downloaded from an obscure Asus download site, and there was no user community or support channel to speak of. We were then contacted by some of the folks from Asus who explained that the board had not yet been officially launched, and that the unit we’d secured had escaped the fold a little early.

Six Months As A Bench Computer

Thus it’s been a nagging discomfort that this was a product to which we didn’t really do adequate justice. We put an update in our review after the Asus people got back to us, but at the time there was still no online support so we couldn’t update the substance of the review itself because we had nothing to go on.

So over six months later it’s time to return to the Tinker Board and take a look at the state of its distro and at its support offering. Has it improved, and is it now a worthy contender to the Raspberry Pi crown in more than just its very capable hardware?

Our review board has seen plenty of use in that time. It has served as my bench computer and let me tell you, it’s been a fantastic little board. It has provided a handy web terminal for technical look-up while working on hardware, and it has been very capable as an authoring and graphics manipulation platform for Hackaday stories requiring some bench time. If you are a regular reader, you will have read plenty of articles composed on it. It’s had regular apt-get update/upgrade cycles and I’ve fitted the little stick-on heatsink that came with it because eventually I managed to get it warm enough that it crashed a few times, but otherwise it has remained as it came out of the box in February, with an early version of the distro.

Distro Confusion And Mild Lack Of Polish

A tiny bit of apt-get magic gave us a screenshot of the Tinker Board desktop.

So to bring it up to date for this re-appraisal I went to the Tinker Board website and downloaded the latest version, which was TinkerOS 1.8. It’s important to stress that this is the official version: there are distributions with newer release numbers available from community members, but it is unclear whether or not they are not official TinkerOS releases. It’s not ideal that community members release their own distros while continuing the Asus numbering scheme — in fact they should probably be forks — so for the purposes of this review I’m sticking with the official download from the web site because that will be the one retail customers find. It’s worth pointing out that there is also an Android distribution, but since this is a comparison with the earlier review it’s being ignored here.

Installation was a straightforward affair: transferring the disk image to an SD card as you’ll be familiar with if you’ve owned a Raspberry Pi. They mention a shell script to do the job, but I did it by hand at the command line in the way I am used to. Booting the Tinker Board from the new distro I was straight away taken to an LXDE desktop over Debian Stretch.

I hit the first snag immediately. Despite runniing a capable monitor, the Tinker Board desktop had appeared in an SVGA-tastic 800 x 600 pixel resolution. Sadly there was no option to change this in the desktop display settings, but a quick Google search took me to the support forum and this thread, which allowed me to create an entry for my monitor. The second snag came when I tried to take a screenshot: despite being bound to the Print Screen key, it seems gnome-screenshot is missing from the distribution. The latest version of TinkerOS is a lot less rough around the edges than the early version I had in February, so it might seem as though I am nitpicking over minor stuff, but it’s important to remember both the competition for this board and its likely market. These are both problems which do not exist in the equivalent Raspbian distro on a Raspberry Pi 3. For the non-technical users and younger people who may end up with this board it is likely that they will cause many more problems than they would to you or I, Hackaday readers. I sense that the creators of this distro could fix both with relative ease; that they haven’t suggests there is still a lack of attention to detail.

Maybe The (British) Forum Can Win Your Hearts And Minds

If the desktop still lacks a little polish, maybe the Tinker Board can rescue its reputation in the support area. Interestingly on the American Tinker Board site there is no link to a forum, while the UK site has a link to tinkerboarding.co.uk. This site has a wiki and a forum, and appears to have been set up in conjunction with the British retailer Currys/PC World, who are a major British seller of the board. Full marks to them for doing that; it’s a rare case of British consumers not being the ones left in the cold for once, but it is perplexing that Asus haven’t seen fit to provide the resource themselves. So if you’re a Tinker Board owner from elsewhere in the world seeking support, come to the British forum.

If there is a reason to buy a Tinker Board other than the good quality hardware, it lies in the tinkerboarding.co.uk site. It lacks the huge user base and years of archives you’ll find on the Raspberry Pi forums, but in terms of its answers to any queries that have arisen during the writing of this article it has proved to contain quality answers from knowledgable users. This has the potential to grow into an extremely useful resource for Tinker Board users, and could prove to be the making of the platform.

So, having re-evaluated the Tinker Board software and support offering, how does it stand up? It’s definitely a better answer than it was in February, but the final judgement has to be a little mixed. It is now straightforward to download a distro and get started, and the forum has proven to be a useful resource, but there is certainly an air of confusion around the delivery of the Tinker Board support package from Asus. The official distro lacks polish, there is a confusing situation with respect to newer versions, and the only support resource that’s any good is provided not by Asus but by a retailer in only one country. Retailers pick up and put down product lines on a whim, there’s no guarantee that the forum will be a permanent fixture.

No Longer A Board Only For Linux Savants

Would we advise you to buy one, now a few months have passed? It’s still a piece of genuinely Raspberry-Pi-3-beating hardware, so our original assessment of a “yes” on the hardware front still stands. But how about on the software and support side? Back in February we suggested it was more of an experts-only board, and castigated Asus for a poor offering. Now they have considerably improved that offering, but we’d probably still advise a little caution if buying one for a complete non-technical newbie. Compared to a Pi, we’d still be fixing a lot of issues if we put a Tinker Board in front of our grandparents, for example. We would change our advice, though, for the middle ground. If you were considering this for someone who has already used a Raspberry Pi and has some Linux exposure, we think it would be within their grasp to figure it out. They would be able to find solutions on the forum and use apt-get to install software where the naive user probably wouldn’t.

So you no longer need to be a Linux savant to use a Tinker Board, though it may still be a bit tricky for newbies. Which isn’t perfect, but it represents significant progress for six months. We’ll take it.

Last week we reported on some work that Sparkfun had done in reverse engineering a type of hardware card skimmer found installed in gasoline pumps incorporating card payment hardware. The device in question was a man-in-the-middle attack, a PIC microcontroller programmed to listen to the serial communications between card reader and pump computer, and then store the result in an EEPROM.

The devices featured a Bluetooth module through which the crooks could harvest the card details remotely, and this in turn provides a handy way to identify them in the wild. If you find a Bluetooth connection at the pump bearing the right identification and with the right password, it can then be fingered as a skimmer by a simple response test. And to make that extra-easy they had written an app, which when we reported on it was available from a GitHub repository.

In a public-spirited move, they are now calling upon the hardware hacker and maker community to come together today, Monday, September 25th, and draw as much attention as possible to these devices in the wild, and with luck to get a few shut down. To that end, they have put a compiled version of the app in the Google Play Store to make it extra-easy to install on your phone, and they are asking for your help. They are asking for people to first read their tutorial linked above, then install the app and take it on the road. Then should any of you find a skimmer, please Tweet about it including your zip code and the #skimmerscanner hashtag. Perhaps someone with a bit of time on their hands might like to take such a feed of skimmer location data and map it.

It would be nice to think that this work might draw attention to the shocking lack of security in gas pumps that facilitates the skimmers, disrupt the finances of a few villains, and even result in some of them getting a free ride in a police car. We can hope, anyway.

In the early 1980s, there were a plethora of 8-bit microcomputers on the market, and the chances are that if you were interested in such things you belonged to one of the different tribes of enthusiasts for a particular manufacturer’s product. If you are British though there is likely to be one machine that will provide a common frame of reference for owners of all machines of that era: The Acorn BBC Microcomputer which was ubiquitous in the nation’s schools. This 6502-driven machine is remembered today as the progenitor and host of the first ARM processors, but at the time was notable for the huge array of built-in interfaces it contained. Its relatively high price though meant that convincing your parents to buy you one instead of a ZX Spectrum was always going to be an uphill struggle.

To be fair, running classic hardware on an FPGA is nothing new and there have been a few BBC Micros implemented in this way, not to mention an Acorn Atom. But this project builds on the previous FPGA BBC Micros by porting it entirely to Verilog and incorporating some of the bug fixes from their various forks. There are screenshots of the result running several classic games, as well as test screens and a benchmark revealing it to be a faithful reproduction of a 2MHz BBC Micro.

In unlocking the extra performance, he takes readers through a primer on the device tree, and is happy to report that his transfer rate has increased from 26 to 36 MB/s, a tidy return on his work.

However, the story doesn’t end there. The 8GB Samsung eMMC chip wasn’t quite as roomy as he’d have liked, so it was time to replace it with a 32GB version. Even with careful desoldering, he managed to lift a few pads, though very fortunately they were ones that were either NC or power rails that were duplicated elsewhere. Some tricky reflowing of what is quite a formidable BGA package to do by hand, and he was rewarded with a working board featuring higher flash capacity. We salute him for taking it on, we probably wouldn’t have had the courage.

When your publication is about to hold a major event on your side of the world, and there will be a bring-a-hack, you abruptly realise that you have to do just that. Bring a hack. With the Hackaday London Unconference in the works this was the problem I faced, and I’d run out of time to put together an amazing PCB with beautiful artwork and software-driven functionality to amuse and delight other attendees. It was time to come up with something that would gain me a few Brownie points while remaining within the time I had at my disposal alongside my Hackaday work.

Since I am a radio enthusiast at heart, I came up with the idea of a badge that the curious would identify as an FM transmitter before tuning a portable radio to the frequency on its display and listening to what it was sending. The joke would be of course that they would end up listening to a chiptune version of [Rick Astley]’s “Never gonna give you up”, so yes, it was going to be a radio Rickroll.

The badge internals.

I evaluated a few options, and ended up with a Raspberry Pi Zero as an MP3 player through its PWM lines, feeding through a simple RC low-pass filter into a commercial super-low-power FM transmitter module of the type you can legally use with an iPod or similar to listen on a car radio. To give it a little bit of individuality I gave the module an antenna, a fractal design made from a quarter wavelength of galvanised fence wire with a cut-off pin from a broken British mains plug as a terminal. The whole I enclosed in a surplus 8mm video cassette case with holes Dremmeled for cables, with the FM module using its own little cell and the Pi powered from a mobile phone booster battery clipped to its back. This probably gave me a transmitted field strength above what it should have been, but the power of those modules is so low that I am guessing the sin against the radio spectrum must have been minor.

At the event, a lot of people were intrigued by the badge, and a few of them were even Rickrolled by it. But for me the most interesting aspect lay not in the badge itself but in its components. First I looked at making a PCB with MP3 and radio chips, but decided against it when the budget edged towards £20 ($27). Then I looked at a Raspberry Pi running PiFM as an all-in-one solution with a little display HAT, but yet again ran out of budget. An MP3 module, Arduino clone, and display similarly became too expensive. Displays, surprisingly, are dear. So my cheapest option became a consumer FM module at £2.50 ($3.37) which already had an LCD display, and a little £5 ($6.74) computer running Linux that was far more powerful than the job in hand demanded. These economics would have been markedly different had I been manufacturing a million badges, but made a mockery of the notion that the simplest MCU and MP3 module would also be the cheapest.

We’ve all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use them. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn’t rely on interception of the card itself, instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer’s standard key, carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

The Skimmer Scanner app may help keep you safe.

The device itself is quite simple and well-executed, though it appears that attachment of wires and connectors is a job left to the crook. Some boards boast excellent soldering, while others have joints that are, well, simply criminal. On the board is a PIC microcontroller, a serial Flash chip, and a commodity Bluetooth module. This last component provides the means for the miscreant to harvest their ill-gotten gains, and incidentally a handy means by which compromised pumps can be identified. The Sparkfun people have provided an Android app that interrogates any modules it encounters, and warns of any that return the signature of a skimmer.

It is sad to say that some level of crime is an inevitable feature of the human condition, and therefore it should not be an unreasonable expectation that any entity with which we trust our sensitive data such as a credit card number should take reasonable steps to ensure its security. If a bank transported customer cash through the streets as bundles of $10 bills in open handcarts it is likely that they would get into trouble very quickly, so that the pump manufacturers send card information in the clear over such a readily accessible medium should be a scandal of similar magnitude. That financial institutions prefer to cover up the problem and shift the loss onto the gas stations rather than mandate better device security from the pump manufacturers speaks volumes about their misplaced priorities.

The Mars Climate Orbiter was a spacecraft launched in the closing years of the 1990s, whose job was to have been to study the Martian atmosphere and serve as a communications relay point for a series of other surface missions. It is famous not for its mission achieving these goals, but for the manner of its premature destruction as its orbital insertion brought it too close to the planet’s atmosphere and destroyed it.

The ill-fated Mars Climate Orbiter craft. NASA [Public domain].The cause of the spacecraft entering the atmosphere rather than orbiting the planet was found in a subsequent investigation to be a very simple one. Simplifying matters to an extent, a private contractor supplied a subsystem which delivered a reading whose units were in the imperial system, to another subsystem expecting units in the SI, or metric system. The resulting huge discrepancy caused the craft to steer towards the surface of the planet rather than the intended orbit, and caused the mission to come to a premature end. Billions of dollars lost, substantially red faces among the engineers responsible.

This unit cock-up gave metric-using engineers the world over a brief chance to feel smug, as well as if they were being honest a chance to reflect on their good fortune at it not having happened on their watch. We will all at some time or another have made an error with respect to our unit calculations, even though in most cases it’s more likely to have involved a simple loss of a factor of ten, and not with respect to a billion dollar piece of space hardware.

But it also touches on one of those fundamental divides in the world between the metric and imperial systems. It’s a divide that brings together threads of age politics, geography, nationalism, and personal choice, and though it may be somewhere angels fear to tread (we’ve seen it get quite heated before to the tune of 885+ comments), it provides a fascinating subject for anyone with an interest in engineering culture.